package com.security.gateway.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;

/**
 * @author wangning
 * @create 2021-03-27 8:46
 */
@Configuration
public class ResourceServerConfig {

	//uaa资源

	public static final String RESOURCE_ID = "res1";

	/**
	 * 统一认证服务(UAA) 资源拦截
	 */
	@Configuration
	@EnableResourceServer
	public class UAAServerConfig extends ResourceServerConfigurerAdapter {
		@Autowired
		private TokenStore tokenStore;

		@Override
		public void configure(ResourceServerSecurityConfigurer resources) {
			resources.tokenStore(tokenStore).resourceId(RESOURCE_ID).stateless(true);
		}

		@Override
		public void configure(HttpSecurity http) throws Exception {
			http
					.authorizeRequests().antMatchers("/uaa/**")
					.permitAll();//uaa需要认证，全部放行
		}
	}

	//order
	@Configuration
	@EnableResourceServer
	public class OrderServerConfig extends ResourceServerConfigurerAdapter {
		@Autowired
		private TokenStore tokenStore;

		@Override
		public void configure(ResourceServerSecurityConfigurer resources) {
			resources.tokenStore(tokenStore).resourceId(RESOURCE_ID).stateless(true);
		}

		@Override
		public void configure(HttpSecurity http) throws Exception {
			http
					.authorizeRequests().antMatchers("/order/**")
					.permitAll();
//					.access("#oauth2.hasScope('ROLE_ADMIN')");
		}
	}
	//如果还需要其他的资源服务，就需要添加其他的资源服务
	//...
}